President Obama released a long-awaited cybersecurity executive order Tuesday night along with his fifth State of the Union address, outlining new policies aimed at stemming the tide of cyberespionage on American companies and government agencies, as well as shoring up the defenses for American critical infrastructure vulnerable to cyberattacks.

Embargoed until the delivery of the State of the Union address, US President Obama signed the expected and highly anticipated cybersecurity executive order. With potentially serious implications for US and foreign citizens’ privacy, here’s what you need to know.

Since nothing has been happening in Washington lately except speeches, President Obama seized the moment and ended his State of the Union day by issuing an Executive Order (EO) and Presidential Policy Directive 21 (PPD-21) on critical infrastructure cybersecurity.

The 2013 Threat Report from the Websense® Security Labs (WSL) is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read.

At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks.

In this month’s report, we find that the email malware rate has dropped significantly since December, with only one in 400 emails containing a virus in January. This is the lowest virus rate we’ve seen since 2009.

One of the great things about working within SpiderLabs is that we prefer to use our own tools whenever possible. The biggest advantage to using your own toolset is a lot more control over what’s happening during the testing process, helping to avoid any nasty side effects.

This article intends to provide quick basic Ruby on Rails security tips for developers. The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide.

PunkSPIDER is a global web application vulnerability search engine powered by PunkSCAN. What that means is that we have built a scanner and architecture that can handle a massive number of web application vulnerability scans, set it loose on the Internet, and made the results available to you.

This is an English language localisation of mimikatz. Mimikatz uses admin rights on Windows to display passwords of currently logged in users in plaintext. Mimikatz was written by Benjamin “gentilkiwi” Delpy.

I came across an interesting article by scriptjunkie (which you should really read) about running code on a machine at any time using service-for-user. By changing one line in the export XML of a scheduled task you effectively get a scheduled task that can run whether or not a user is logged in, whether or not the system reboots, whether or not you have the user’s password, run as a limited user, and doesn’t require bypassing UAC!
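As an added illustration of the one-line change described above (example code, not from scriptjunkie’s post or the quoted article), the following PowerShell exports an existing task’s XML with schtasks.exe, switches the Principal’s LogonType to S4U, and re-registers it. The task name and temp path are assumptions; the rest uses only documented schtasks.exe switches and the standard Task Scheduler XML schema.

```powershell
# Added example: convert an existing scheduled task to S4U (service-for-user) logon.
# Assumed: a task named \Demo\Persist already exists for the current user.
param(
    [string]$TaskName = '\Demo\Persist',        # assumption: existing task
    [string]$XmlPath  = "$env:TEMP\task.xml"    # assumption: scratch file
)

# 1. Export the task definition as XML. Task Scheduler 2.0 (Vista+) decides how
#    the run-time token is built from <Principals><Principal><LogonType>.
$raw = & schtasks.exe /Query /TN $TaskName /XML
if ($LASTEXITCODE -ne 0) { throw "Could not export task $TaskName" }
$xml = [xml]($raw -join "`n")

# The task schema lives in its own namespace, so use a namespace manager.
$nsUri = 'http://schemas.microsoft.com/windows/2004/02/mit/task'
$ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$ns.AddNamespace('t', $nsUri)

$principal = $xml.SelectSingleNode('/t:Task/t:Principals/t:Principal', $ns)
if (-not $principal) { throw 'Task XML has no <Principal> element' }

# 2. The one-line change: LogonType Password/InteractiveToken -> S4U.
#    S4U lets the task run with no stored password and no interactive session.
$logon = $principal.SelectSingleNode('t:LogonType', $ns)
if (-not $logon) {
    $logon = $xml.CreateElement('LogonType', $nsUri)
    [void]$principal.AppendChild($logon)
}
"Previous LogonType: $($logon.InnerText)"
$logon.InnerText = 'S4U'

# 3. Write the modified XML and re-register. /F overwrites the existing task;
#    no /RU or /RP is needed because S4U does not require a password.
$xml.Save($XmlPath)
& schtasks.exe /Create /TN $TaskName /XML $XmlPath /F
if ($LASTEXITCODE -ne 0) { throw "Re-registering $TaskName failed" }

# 4. Verify by re-exporting and reading the value back.
$check = [xml]((& schtasks.exe /Query /TN $TaskName /XML) -join "`n")
$check.SelectSingleNode('/t:Task/t:Principals/t:Principal/t:LogonType', $ns).InnerText
# Expected: S4U
```

Two practical caveats: an S4U token carries no network credentials, so a task converted this way cannot reach network shares or other resources that need the user’s password; and changing the principal to a user other than yourself still requires administrative rights, so the no-UAC-bypass property only holds for a task that runs as the account you already have.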

The technique that has given me most joy is memory analysis. Each application on Android is run in the Dalvik VM and is allocated its own heap space. Android being Android, free and open, numerous ways of dumping the contents of the application heap exist. There’s even a method for it in the android.os.

The problem with crypto is that it is processor intensive (i.e. slow), so it’s common, these days, to offload these functions to a dedicated hardware co-processor which will leave the main processor free to do whatever it is that it’s supposed to be doing and not faffing about with crypto.

I managed to get shell, capture, and reveal the root password, which I will be sharing with you here since I’m 99.999% sure it’s the same on all the Shoretel Mobility Routers, but let’s start where we left off.

Analyzing an exploit and understanding exactly how the exploit lands can take a long time due to inadequate analysis tools. One way to speed up understanding how an exploit behaves is to use Vtrace and VDB. In this post I explain how to create a custom VDB debugger in order to detect, analyze, and prevent execution of an exploit payload.

Vendor/Software Patches

Microsoft Security Updates

Assessing risk for the February 2013 security updates – blogs.technet.com
Today we released twelve security bulletins addressing 57 CVEs. Five of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

MS13-018 addresses a potential denial-of-service condition in the Windows TCP/IP stack. This vulnerability could be leveraged by an attacker in certain circumstances to exhaust a server’s non-paged pool, preventing it from making new TCP connections.

Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.

A bug in Apple‘s iOS 6.1 update allows anyone with physical access to an iPhone to make calls, view and modify contacts, and even access photos via the Contacts app, even if the device is protected by a passcode.

So, iOS 6.1 hasn’t been Apple’s finest hour. So far it’s been plagued with connection issues, battery woes, and now it’s sadly insecure, too. You can bypass any lockcode on an iPhone using this straightforward sequence of button presses.

A recently found exploit that bypasses the sandbox anti-exploitation protection in Adobe Reader 10 and 11 is highly sophisticated and is probably part of an important cyberespionage operation, the head of the malware analysis team at antivirus vendor Kaspersky Lab said.

Early on Halloween morning, members of Facebook’s Computer Emergency Response Team received an urgent e-mail from an FBI special agent who regularly briefs them on security matters. The e-mail contained a Facebook link to a PHP script that appeared to give anyone who knew its location unfettered access to the site’s front-end system.

The kernel vulnerability leveraged by evasi0n lies in the com.apple.iokit.IOUSBDeviceFamily driver in iOS. An application may talk to this driver using the IOUSBDeviceInterface user client, allowing it to access and communicate with a USB device as a whole.

Facebook has announced in a blog post that it’s been the target of an attack that gained access to its corporate network using a security vulnerability in Oracle’s Java software, although the social media firm says it believes no user data was accessed.

Joe Stewart’s day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware waiting in his e-mail in-box. Stewart, 42, is the director of malware research at Dell SecureWorks, a unit of Dell (DELL), and he spends his days hunting for Internet spies.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.